Top 5 things you must know to pass the CCSP
The (Certified Cloud Security Professional) CCSP is considered the gold standard in cloud security. The CCSP shows you have the knowledge required to secure any cloud, even without training in that specific cloud.
I was overwhelmed by the amount of material when studying for the CCSP certification. I needed help determining what was valuable, what I could overlook and how in-depth I had to know various topics. My first attempt at the CCSP was a failure. After studying for the next 90 days, I passed the CCSP one year from the day I started studying. This article will guide you on the top five areas you must know to pass the CCSP exam and advance your cloud engineer career!
1. Encryption is your last line of defense in a breach
Encryption is everything in the cloud. You must learn to view the cloud as someone else’s computer to which they may have full access. This means that cloud providers could view the data you store in the cloud if they choose to. Your only solution to securing your data if it falls into the wrong hands is encrypting it and storing the encryption keys somewhere other than that cloud provider.
2. IAM is everything
In the cloud, IAM, specifically having a least privileged model, is critical to have right from the beginning of moving into that cloud. The cloud is an expansive environment that can scale to any demand. You will quickly begin accumulating user accounts, service accounts, service to service accounts, all with different roles and permissions.
Due to the nature of the cloud, it is easy to run into a situation where you have overlapping roles, accounts and permissions. You must keep this to a minimum and keep the bigger picture in mind. What are you deploying into the cloud, what does it need access to and who needs that access? Those three questions will help you keep it to a minimum.
3. Understand service models
One of the first topics I encountered in my studies was service models. This topic was difficult for me because it was hard to tell when one service model ended, and the other started. You must understand the cloud service models inside and out to pass this CCSP exam. The best way for me to learn this material was the following:
- If you can install an OS on something or configure the networking, then it is an IaaS service model.
- It is always a PaaS service model if you are asked about code or databases.
- The last one I felt was the easiest is if you manage nothing of an application, then it is a SaaS application; an example would be Gmail. You don’t know what version of Gmail you use, nor does it matter to you. This is typically an indication that it is a SaaS service model.
4. Have a 10,000-foot view of the cloud
To pass the CCSP, you must maintain a 10,000-foot view of the cloud. What do I mean by this? Here is an example: developers will always want full access to the cloud to build whatever they want. They may even need it, but it doesn’t mean it is the right thing to do.
There must be guardrails in place to protect them from themselves. Before a developer introduces data from an EU resident into the cloud, you should ensure that data and the underlying infrastructure comply with GDPR. This seems simple, but understanding what your organization needs 1-3 years into the future and preparing for it is critical when deploying anything into the cloud.
5. Read, re-read & read again before answering CCSP certification questions
This sounds like a waste of time, but trust me, you must read every question at least three times before answering. In my first attempt at the exam, I didn’t do this on every question. I figured I understood the question better than I did, so I made basic mistakes that cost me points in the long run. Points I should have had; if I did, I likely would have passed.
The second time around, I took the time and read every question three times.
- I did this because the first one was to just read the question.
- The second one was to point out key parts of the paragraph to which I should pay attention.
- The third one was to think through the question and formulate my answer.
This exam is difficult and very complex. Sometimes you will think the CCSP questions are trick questions with no correct answer. Slowing down and reading each question three times before answering will give your brain the time to think through the problem.
For more on the CCSP certification, including domains, CCSP salary and CCSP study resources, check out our CCSP certification hub. And for a detailed overview of cloud engineering, visit the Cloud engineer career hub!